Simon

@XenonOracle @martenmickos Hey bro...as Martin Luther King Jr. said, "We must accept finite disappointment, but never lose infinite hope." don't blame dreams for poor expectations.

@martenmickos It’s true that bug bounty can be life changing for some people but it’s also true it has destroyed the mental health of a lot of people. Please don’t sell dreams.

Bug bounty changed my life, says VigilShooter. "They have paid out 15K in total which completely changed my life. I got a car with that money, paid for my kids tuition this year, and paid off my last debt. " bugbounty.forum/post/c80a5a0f-…

@martenmickos Shoutout to you and HackerOne! So many researchers have succeeded and had their lives changed. Truly amazing!

[POC2025] SPEAKER UPDATE 👥 Bocheng Xiang(@crispr_x) & HeeChan Kim(@heegong123) - "Follow the Link: Building Full-Chain Local Privilege Escalation on Windows" #POC2025

I'm very happy to receive this gift from MSRC @msftsecresponse. Although vulnerability research can be challenging, if you stay passionate, work hard, and persevere, your efforts will always be rewarded. Good luck to all!

Grateful for his trust, inspired by his legacy — forever remembered. 🌹🕊️

@Hack_All_Things RIP. Roy you'll be deeply missed 🙏. Thank you for everything you did for us.

Peace out world. Best wishes to all. ALS has won this battle, but hopefully not the war!

@steventseeley @edwardzpeng Yuki is an excellent researcher who has achieved great success at MSRC. I imagine he's very grateful to the MSRC team.

@edwardzpeng Yuki already gone!

@edwardzpeng Consider the situation from MSRC's perspective for a moment. Is it possible that their conclusion is justified?

Good Morning! Just published a blog post diving into Windows Kernel LFH exploitation in the latest Windows 24h2 build, Focusing on controlled allocations to achieve arbitrary read/write in the kernel. r0keb.github.io/posts/Modern-(…

Proud to be ranked 42nd on the MSRC 2025 Most Valuable Security Researchers list! Thank you so much @msftsecresponse

Two of my previously reported vulnerabilities were fixed in Microsoft's July Patch Tuesday. And left a mark on the MSRC Q2 leaderboard. Thank you! @msftsecresponse

@Hack_All_Things @Hacker0x01 @salesforce Congrats! Roy

I am honored and humbled to have received this lifetime achievement award today from @Hacker0x01 . When I began working with the bug bounty team at @salesforce in 2016, I was a total noob. I quickly identified an unknown passion for it, and have never looked back. I continued my career at @Zoom in 2020, where I am today. I am grateful to so many influential mentors along the way, including Angelo Prado, Emre Saglam, Adam Ruddermann, Andy Grant, Annika Carr, Sandra McLeod, Crystal Hazen, Martijn Russchen, and countless others. And to the hundreds of ethical hackers and security researchers I have had the honor to work with, and many who I have become friends with, thank you for your tireless work, dedication, and gracious professionalism. Thank you @Hacker0x01 for this recognition. I know I am not always the easiest guy to work with, and I truly appreciate everyone who has put up with me over the years. Peace and love to all.

@osipov_ar Great find! Congrats! Do these qualify for a bounty?

Yesterday, Microsoft patched two Remote Code Execution vulnerabilities in Outlook that we discovered. 🙃 1. CVE-2025-47171 --> msrc.microsoft.com/update-guide/e… 2. CVE-2025-47176 --> msrc.microsoft.com/update-guide/e… ⚠️ More findings on the way — stay tuned.

cool to be tagged and truly honored

An analysis of CVE-2024-44236 - an RCE in macOS due to the lack of proper validation of “lutAToBType” and “lutBToAType” tag types. Read the details, see the source code review, and get detection guidance at zerodayinitiative.com/blog/2025/5/7/…

@tunadv Thank you!

@sim0nsecurity Amazing. Congrats!🔥

CVE-2024-43639: Remote Code Execution in Microsoft Windows KDC Proxy. The Trend Research Team dives deep into this bug to look at the root cause and complexities of exploitation. They also provide detection guidance. Read the details at zerodayinitiative.com/blog/2025/3/3/…

@Sakana_Walnut Apologies here, but due to policy restrictions, I am unable to disclose information about this vulnerability.

@sim0nsecurity Will you share some detail about this? I'm only familiar with chromium, so I only know the attack surface that is migrated from chromium. Thanks👀

This is my first time pwning Microsoft Edge. msrc.microsoft.com/update-guide/v…

@MSFTBlueHat Thank you!

@sim0nsecurity Nicely done, Simon!

I have made MSRC’s 2024 Q4 leaderboard! #BugBounty #msftsecresponse